
Css Lab Manual

Uploaded by

namrah409

DEPARTMENT OF COMPUTER ENGINEERING

LAB MANUAL
Third Year CSE- Semester VI

CRYPTOGRAPHY AND SYSTEM SECURITY LAB[CSL602]

ACADEMIC YEAR 2023-24


Experiment No: 01

Aim:- Implementation of a product cipher using Substitution and Transposition ciphers

Theory: A substitution cipher is a method of encrypting by which units of plaintext are
replaced with cipher text, according to a fixed system; the "units" may be single letters (the most
common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver
deciphers the text by performing the inverse substitution. A transposition cipher is a method of
encryption by which the positions held by units of plaintext (which are commonly characters or
groups of characters) are shifted according to a regular system, so that the cipher text constitutes
a permutation of the plaintext. That is, the order of the units is changed (the plaintext is
reordered). Mathematically, a bijective function is used on the characters' positions to encrypt and
an inverse function to decrypt. In cryptography, a product cipher combines two or more
transformations with the intent that the resulting cipher is more secure than the individual
components, making it resistant to cryptanalysis. The product cipher combines a sequence of
simple transformations such as substitution (S-box), permutation (P-box), and modular
arithmetic.

Program:-
// Java implementation of Substitution Cipher

import java.util.HashMap;
import java.util.Map;

public class CaesarCipher {

    public static void main(String[] args) {

        String allLetters = "abcdefghijklmnopqrstuvwxyzABCDEFGHI" +
                            "JKLMNOPQRSTUVWXYZ";

        // create a dictionary to store the substitution for the given
        // alphabet in the plain text based on the key
        Map<Character, Character> dict1 = new HashMap<>();
        int key = 4;
        for (int i = 0; i < allLetters.length(); i++) {
            dict1.put(allLetters.charAt(i),
                      allLetters.charAt((i + key) % allLetters.length()));
        }

        String plainText = "I am studying Data Encryption";
        StringBuilder cipherText = new StringBuilder();

        // loop to generate ciphertext; characters outside the alphabet
        // (such as spaces) are copied unchanged
        for (char c : plainText.toCharArray()) {
            if (allLetters.indexOf(c) != -1) {
                cipherText.append(dict1.get(c));
            } else {
                cipherText.append(c);
            }
        }
        System.out.println("Cipher Text is: " + cipherText);

        // create a map to store the substitution for the given alphabet
        // in the cipher text based on the key
        Map<Character, Character> dict2 = new HashMap<>();
        for (int i = 0; i < allLetters.length(); i++) {
            dict2.put(allLetters.charAt(i),
                      allLetters.charAt((i - key + allLetters.length()) %
                                        allLetters.length()));
        }

        StringBuilder decryptedText = new StringBuilder();

        // loop to recover plain text
        for (char c : cipherText.toString().toCharArray()) {
            if (allLetters.indexOf(c) != -1) {
                decryptedText.append(dict2.get(c));
            } else {
                decryptedText.append(c);
            }
        }
        System.out.println("Recovered plain text: " + decryptedText);
    }
}

Output:-
Cipher Text is: M eq wxyhCmrk Hexe IrgvCtxmsr

Recovered plain text: I am studying Data Encryption
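
The program above performs only the substitution stage. The following Python sketch is an added example (not part of the original manual) that chains the same 52-letter shift with a columnar transposition to form the product cipher named in the Aim; the function names and the transposition keyword "LAB" are assumptions chosen for illustration.

```python
# Added example: product cipher = substitution followed by columnar transposition.
# ALPHABET and the shift of 4 match the Java program above; the keyword "LAB" is
# a constructed sample value.

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"


def substitute(text, shift):
    """Shift every letter by `shift` positions in ALPHABET; other chars pass through."""
    n = len(ALPHABET)
    out = []
    for ch in text:
        i = ALPHABET.find(ch)
        out.append(ALPHABET[(i + shift) % n] if i != -1 else ch)
    return "".join(out)


def column_order(key):
    """Columns are read in alphabetical order of the key letters (ties: left first)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose(text, key):
    """Write text row by row under the key, then read it out column by column."""
    cols = len(key)
    return "".join(text[c::cols] for c in column_order(key))


def untranspose(text, key):
    """Inverse of transpose(); handles a last row that is not completely filled."""
    cols = len(key)
    full_rows, extra = divmod(len(text), cols)
    out = [""] * len(text)
    pos = 0
    for c in column_order(key):
        # The first `extra` columns hold one more character than the rest.
        length = full_rows + (1 if c < extra else 0)
        out[c::cols] = text[pos:pos + length]
        pos += length
    return "".join(out)


def product_encrypt(plain, shift, key):
    return transpose(substitute(plain, shift), key)


def product_decrypt(cipher, shift, key):
    # Undo the stages in reverse order: transposition first, then substitution.
    return substitute(untranspose(cipher, key), -shift)


if __name__ == "__main__":
    message = "I am studying Data Encryption"
    stage1 = substitute(message, 4)
    cipher = product_encrypt(message, 4, "LAB")
    print("After substitution  :", stage1)
    print("After transposition :", cipher)
    print("Recovered plain text:", product_decrypt(cipher, 4, "LAB"))
```

The transposition stage only permutes the substituted characters, so the ciphertext has the same length and the same multiset of characters as the output of the substitution stage.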


Experiment No: 02

Aim: Implementation and Analysis of RSA Cryptosystem.

Theory: The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means
that it works on two different keys, i.e. a Public Key and a Private Key. As the names suggest,
the Public Key is given to everyone and the Private Key is kept private.

An example of asymmetric cryptography:

1. A client (for example, a browser) sends its public key to the server and requests some data.

2. The server encrypts the data using the client’s public key and sends the encrypted data.

3. The client receives this data and decrypts it.

Since this is asymmetric, nobody except the browser can decrypt the data, even if a third
party has the public key of the browser.

The idea! The idea of RSA is based on the fact that it is difficult to factorize a large integer. The
public key consists of two numbers, where one number is the product of two large prime
numbers. The private key is also derived from the same two prime numbers. So if somebody can
factorize the large number, the private key is compromised. Therefore encryption strength lies
entirely in the key size, and if we double or triple the key size, the strength of encryption increases
exponentially. RSA keys are typically 1024 or 2048 bits long, but experts believe that 1024-bit
keys could be broken in the near future. But till now it seems to be an infeasible task.

Implementation of the RSA algorithm:

Let us learn the mechanism behind the RSA algorithm :

>> Generating Public Key:

Select two prime numbers. Suppose P = 53 and Q = 59.

Now the first part of the Public Key: n = P*Q = 3127.

We also need a small exponent, say e. But e must:

● Be an integer.

● Not be a factor of Φ(n); more precisely, e must be co-prime to Φ(n).

● Satisfy 1 < e < Φ(n) [Φ(n) is discussed below].

Let us now consider it to be equal to 3.

Our Public Key is made of n and e.

>> Generating Private Key:

We need to calculate Φ(n):

Such that Φ(n) = (P-1)(Q-1)

so, Φ(n) = 3016

Now calculate the Private Key, d:

d = (k*Φ(n) + 1) / e for some integer k

For k = 2, the value of d is 2011.

Now we are ready with our Public Key (n = 3127 and e = 3) and Private Key (d = 2011).

Now we will encrypt “HI”:

Convert letters to numbers: H = 8 and I = 9

Thus Encrypted Data c = 89^e mod n

Thus our Encrypted Data comes out to be 1394

Now we will decrypt 1394:

Decrypted Data = c^d mod n

Thus our Decrypted Data comes out to be 89

8 = H and 9 = I, i.e. "HI".
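
The worked example above, carried through in Python as an added example (not part of the original manual): it derives d with the extended Euclidean algorithm, encrypts and decrypts 89, and shows that factoring n = 3127 is enough to recover the private exponent, which is the point the theory makes about key size. All function names are assumptions chosen for illustration.

```python
# Added example: the P = 53, Q = 59, e = 3 walkthrough with integer arithmetic only.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e, phi):
    """Private exponent d with (e * d) % phi == 1; requires gcd(e, phi) == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        # Example: e = 6 is not a factor of 3016, yet gcd(6, 3016) = 2, so no d exists.
        raise ValueError("e = %d is not co-prime to phi = %d" % (e, phi))
    return x % phi


def modexp(base, exponent, modulus):
    """Square-and-multiply, so intermediate values never exceed modulus ** 2."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:
            result = result * base % modulus
        base = base * base % modulus
        exponent >>= 1
    return result


def keygen(p, q, e):
    """Return (n, e, d) for primes p and q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return n, e, modinv(e, phi)


def factor_semiprime(n):
    """Trial division; instant for 3127, infeasible for a 2048-bit modulus."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(n, e):
    """Anyone who can factor n can rebuild d from the public key alone."""
    p, q = factor_semiprime(n)
    return modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    n, e, d = keygen(53, 59, 3)
    c = modexp(89, e, n)
    print("n =", n, "e =", e, "d =", d)
    print("encrypt(89) =", c)
    print("decrypt(%d) =" % c, modexp(c, d, n))
    print("d recovered from (n, e) by factoring:", recover_private_exponent(n, e))
```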

Implementation of program:
Method 1: Encrypting and decrypting small numeral values:

import java.io.*;
import java.math.*;
import java.util.*;

/*
 * Java program for RSA asymmetric cryptographic algorithm.
 * For demonstration, values are
 * relatively small compared to practical application
 */
public class GFG {

    public static double gcd(double a, double h)
    {
        /*
         * This function returns the gcd or greatest common
         * divisor
         */
        double temp;
        while (true) {
            temp = a % h;
            if (temp == 0)
                return h;
            a = h;
            h = temp;
        }
    }

    public static void main(String[] args)
    {
        double p = 3;
        double q = 7;

        // Stores the first part of public key:
        double n = p * q;

        // Finding the other part of public key.
        // double e stands for encrypt
        double e = 2;
        double phi = (p - 1) * (q - 1);
        while (e < phi) {
            /*
             * e must be co-prime to phi and
             * smaller than phi.
             */
            if (gcd(e, phi) == 1)
                break;
            else
                e++;
        }

        // k is chosen so that (1 + k * phi) is divisible by e
        int k = 2; // A constant value
        double d = (1 + (k * phi)) / e;

        // Message to be encrypted
        double msg = 12;
        System.out.println("Message data = " + msg);

        // Encryption c = (msg ^ e) % n
        // (double arithmetic is exact only for values this small)
        double c = Math.pow(msg, e);
        c = c % n;
        System.out.println("Encrypted data = " + c);

        // Decryption m = (c ^ d) % n
        double m = Math.pow(c, d);
        m = m % n;
        System.out.println("Original Message Sent = " + m);
    }
}

Output:
Message data = 12.000000

Encrypted data = 3.000000

Original Message Sent = 12.000000

Conclusion: RSA Algorithm is very easy to implement. Confidential data can be transmitted
safely and securely using RSA Algorithm. RSA Algorithm involves a lot of complex
mathematics which makes it more difficult to crack. You can easily share the public key with
users.
Experiment no: 03

Aim: Implementation of Diffie-Hellman Algorithm

Theory: The Diffie-Hellman algorithm is used to establish a shared secret that can be
used for secret communications while exchanging data over a public network, using the elliptic
curve to generate points and get the secret key using the parameters.

For the sake of simplicity and practical implementation of the algorithm, we will consider only 4
variables: one prime P, G (a primitive root of P), and two private values a and b.

P and G are both publicly available numbers. Users (say Alice and Bob) pick private values a
and b, and each generates a key and exchanges it publicly. The other party receives the key and
from it generates a secret key, after which both have the same secret key to encrypt with.

Example:
Step 1: Alice and Bob get public numbers P = 23, G = 9

Step 2: Alice selected a private key a = 4 and

Bob selected a private key b = 3

Step 3: Alice and Bob compute public values

Alice: x =(9^4 mod 23) = (6561 mod 23) = 6

Bob: y = (9^3 mod 23) = (729 mod 23) = 16

Step 4: Alice and Bob exchange public numbers

Step 5: Alice receives public key y =16 and

Bob receives public key x = 6

Step 6: Alice and Bob compute symmetric keys

Alice: ka = y^a mod p = 65536 mod 23 = 9

Bob: kb = x^b mod p = 216 mod 23 = 9


Step 7: 9 is the shared secret.

Program:
#include <stdio.h>

// Power function to return value of a ^ b mod P.
// Square-and-multiply keeps every intermediate value below P * P,
// instead of relying on the floating-point pow() from <math.h>.
long long int power(long long int a, long long int b,
                    long long int P)
{
    long long int result = 1;
    a %= P;
    while (b > 0) {
        if (b & 1)
            result = (result * a) % P;
        a = (a * a) % P;
        b >>= 1;
    }
    return result;
}

// Driver program
int main()
{
    long long int P, G, x, a, y, b, ka, kb;

    // Both the persons will be agreed upon the
    // public keys G and P
    P = 23; // A prime number P is taken
    printf("The value of P : %lld\n", P);

    G = 9; // A primitive root for P, G is taken
    printf("The value of G : %lld\n\n", G);

    // Alice will choose the private key a
    a = 4; // a is the chosen private key
    printf("The private key a for Alice : %lld\n", a);
    x = power(G, a, P); // gets the generated key

    // Bob will choose the private key b
    b = 3; // b is the chosen private key
    printf("The private key b for Bob : %lld\n\n", b);
    y = power(G, b, P); // gets the generated key

    // Generating the secret key after the exchange
    // of keys
    ka = power(y, a, P); // Secret key for Alice
    kb = power(x, b, P); // Secret key for Bob

    printf("Secret key for the Alice is : %lld\n", ka);
    printf("Secret Key for the Bob is : %lld\n", kb);

    return 0;
}

Output:
The value of P : 23

The value of G : 9
The private key a for Alice : 4

The private key b for Bob : 3

Secret key for the Alice is : 9

Secret Key for the Bob is : 9


Experiment No: 04

Aim: For varying message sizes, test the integrity of messages using MD5 and SHA-1, and analyze the
performance of the two protocols. Use crypt APIs.

Theory:
MD5
The MD5 (message-digest algorithm) hashing algorithm is a one-way cryptographic function
that accepts a message of any length as input and returns as output a fixed-length digest value to
be used for authenticating the original message. The MD5 hash function was originally designed
for use as a secure cryptographic hash algorithm for authenticating digital signatures. But MD5
has been deprecated for uses other than as a noncryptographic checksum to verify data
integrity and detect unintentional data corruption.

What is MD5 used for?


Although originally designed as a cryptographic message authentication code algorithm for use on
the internet, MD5 hashing is no longer considered reliable for use as a cryptographic
checksum because security experts have demonstrated techniques capable of easily producing
MD5 collisions on commercial off-the-shelf computers. An encryption collision means two files
have the same hash. Hash functions are used for message security, password security, computer
forensics and cryptocurrency.

Ronald Rivest, founder of RSA Data Security LLC and professor at Massachusetts Institute of
Technology, designed MD5 in 1991 as an improvement to a prior message-digest algorithm,
MD4. Describing it in Internet Engineering Task Force (IETF) Request for Comments (RFC)
1321, "The MD5 Message-Digest Algorithm," he wrote:

"The algorithm takes as input a message of arbitrary length and produces as output a 128-bit
'fingerprint' or 'message digest' of the input. It is conjectured that it is computationally infeasible
to produce two messages having the same message digest, or to produce any message having a
given prespecified target message digest. The MD5 algorithm is intended for digital signature
applications, where a large file must be 'compressed' in a secure manner before being encrypted
with a private (secret) key under a public-key cryptosystem such as RSA."

IETF suggests MD5 hashing can still be used for integrity protection, noting: "Where the MD5
checksum is used inline with the protocol solely to protect against errors, an MD5 checksum is
still an acceptable use." However, it added that "any application and protocol that employs MD5
for any purpose needs to clearly state the expected security services from their use of MD5."

SHA1 -

SHA-1 forms part of several widely used security applications and protocols,
including TLS and SSL, PGP, SSH, S/MIME, and IPsec. Those applications can also use MD5;
both MD5 and SHA-1 are descended from MD4.
SHA-1 and SHA-2 are the hash algorithms required by law for use in certain U.S.
government applications, including use within other cryptographic algorithms and protocols, for
the protection of sensitive unclassified information. FIPS PUB 180-1 also encouraged adoption
and use of SHA-1 by private and commercial organizations. SHA-1 is being retired from most
government uses; the U.S. National Institute of Standards and Technology said, "Federal
agencies should stop using SHA-1 for...applications that require collision resistance as soon as
practical, and must use the SHA-2 family of hash functions for these applications after
2010", though that was later relaxed to allow SHA-1 to be used for verifying old digital
signatures and time stamps.
A prime motivation for the publication of the Secure Hash Algorithm was the Digital Signature
Standard, in which it is incorporated.
The SHA hash functions have been used for the basis of the SHACAL block ciphers.
SHA-1 or Secure Hash Algorithm 1 is a cryptographic algorithm which takes an input and
produces a 160-bit (20-byte) hash value. This hash value is known as a message digest. This
message digest is usually then rendered as a hexadecimal number which is 40 digits long. It is
a U.S. Federal Information Processing Standard and was designed by the United States
National Security Agency. SHA-1 has been considered insecure since 2005. Browsers from major
vendors such as Microsoft, Google, Apple and Mozilla stopped accepting SHA-1 SSL
certificates by 2017. To calculate a cryptographic hash value in Java, the MessageDigest class is
used, under the package java.security. The MessageDigest class provides the following
cryptographic hash functions to find the hash value of a text:
● MD2
● MD5
● SHA-1
● SHA-224
● SHA-256
● SHA-384
● SHA-512
These algorithms are initialized in a static method called getInstance(). After selecting the
algorithm, the message digest value is calculated and the result is returned as a byte array.
The BigInteger class is used to convert the resultant byte array into its signum representation. This
representation is then converted into hexadecimal format to get the expected MessageDigest.

Program:
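#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/sha.h>
#include <time.h>

// Hash `length` bytes of `message`; `digest` must hold SHA_DIGEST_LENGTH bytes.
// The length is passed explicitly because the buffer is not NUL-terminated.
void generate_sha1_hash(const unsigned char *message, size_t length,
                        unsigned char *digest) {
    SHA_CTX ctx;
    SHA1_Init(&ctx);
    SHA1_Update(&ctx, message, length);
    SHA1_Final(digest, &ctx);
}

int main() {
    const int num_tests = 10;
    const int message_sizes[] = {100, 1000, 10000, 100000, 500000, 1000000, 5000000, 10000000,
                                 20000000, 50000000};
    unsigned char digest[SHA_DIGEST_LENGTH];
    char hex[2 * SHA_DIGEST_LENGTH + 1];
    clock_t start, end;
    double total_time = 0;

    for (int i = 0; i < num_tests; i++) {
        // Allocate on the heap: a 50 MB array does not fit on the stack
        unsigned char *message = malloc(message_sizes[i]);
        if (message == NULL) {
            perror("malloc");
            return 1;
        }
        memset(message, 'a', message_sizes[i]);

        // Time only the hash computation
        start = clock();
        generate_sha1_hash(message, message_sizes[i], digest);
        end = clock();
        total_time += (double)(end - start) / CLOCKS_PER_SEC;

        // The digest is binary, so render it as hexadecimal before printing
        for (int j = 0; j < SHA_DIGEST_LENGTH; j++) {
            sprintf(hex + 2 * j, "%02x", digest[j]);
        }
        printf("HashCode Generated by SHA-1 for: %d-byte message : %s\n",
               message_sizes[i], hex);
        free(message);
    }

    printf("Average time taken to generate SHA-1 hash for messages of varying sizes: %f seconds\n",
           total_time / num_tests);

    return 0;
}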

Output:
HashCode Generated by SHA-1 for: [message] : [hash]
Average time taken to generate SHA-1 hash for messages of varying sizes: [average_time] seconds
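
The program above covers SHA-1 only, while the Aim asks for both digests. The following Python sketch is an added example (not part of the original manual) that uses the standard hashlib API to run the integrity test and the timing comparison for MD5 and SHA-1 side by side; the function names and the constructed message sizes are assumptions.

```python
# Added example: integrity check and timing for MD5 and SHA-1 over growing messages.
import hashlib
import hmac
import time

ALGORITHMS = ("md5", "sha1")
SAMPLE_SIZES = (100, 1000, 10000, 100000, 1000000)  # constructed sizes, in bytes


def digest_hex(algorithm, data):
    """Hex digest of `data` under the named hashlib algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def verify(algorithm, data, expected_hex):
    """Receiver side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest_hex(algorithm, data), expected_hex)


def flip_first_bit(data):
    """Simulate corruption in transit by flipping one bit of the first byte."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def time_digest(algorithm, data, repeats=5):
    """Best-of-N wall-clock time, which damps scheduler noise."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        hashlib.new(algorithm, data).digest()
        best = min(best, time.perf_counter() - start)
    return best


def run_experiment(sizes=SAMPLE_SIZES):
    """One row per (size, algorithm): digest, integrity results, hashing time."""
    rows = []
    for size in sizes:
        message = b"a" * size
        tampered = flip_first_bit(message)
        for algorithm in ALGORITHMS:
            sent_digest = digest_hex(algorithm, message)
            rows.append({
                "size": size,
                "algorithm": algorithm,
                "digest": sent_digest,
                "intact_ok": verify(algorithm, message, sent_digest),
                "tamper_detected": not verify(algorithm, tampered, sent_digest),
                "seconds": time_digest(algorithm, message),
            })
    return rows


if __name__ == "__main__":
    for row in run_experiment():
        print("%8d bytes  %-4s  %s  intact=%s  tamper_detected=%s  %.6f s" % (
            row["size"], row["algorithm"], row["digest"],
            row["intact_ok"], row["tamper_detected"], row["seconds"]))
```

Both digests catch the flipped bit because this is accidental-corruption detection; neither MD5 nor SHA-1 should be relied on where an adversary can craft colliding messages, as the theory section notes.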
Experiment No: 05

AIM: Study the use of network reconnaissance tools like WHOIS, dig, traceroute and nslookup to
gather information about networks and domain registrars.

OBJECTIVES:
● To understand network information discovery
● To study various basic network commands to gather network information.
● To understand passive attack technique.

OUTCOMES: The learner will be able to apply basic network commands to gather basic
network information.

Hardware / Software Required: Unix/Linux

Theory: Network reconnaissance tools like WHOIS, dig, traceroute and nslookup are used to gather
information about networks and domain registrars. Here is how each tool can be used for this
purpose.

1.WHOIS:
WHOIS is the Linux utility for searching an object in a WHOIS database. The WHOIS database
of a domain is the publicly displayed information about a domain's ownership, billing, technical,
administrative, and name server information. Running a WHOIS on your domain will look the
domain up at the registrar for the domain information. All domains have WHOIS information.
The WHOIS database can be queried to obtain the following information:
• Administrative contact details, including names, email addresses, and telephone numbers
• Mailing addresses for office locations relating to the target organization
• Details of authoritative name servers for each given domain

Example: Querying www.youtube.com

2.Dig :

Dig is a networking tool that can query DNS servers for information. It can be very helpful for
diagnosing problems with domain pointing and is a good way to verify that your configuration is
working. The most basic way to use dig is to specify the domain we wish to query: Example:
C:\Program Files\ISC BIND 9\bin>dig

3.Traceroute :
Traceroute is a network diagnostic tool used to track the path data takes from one host to another
on a network. It works by sending out packets of data and recording the time it takes for each
packet to reach its destination and return. Traceroute can be used to identify network issues,
troubleshoot connectivity problems, and analyze the route data takes to reach a specific
destination.

4.Nslookup :
Nslookup, short for "name server lookup," is a command-line tool used to query Domain Name
System (DNS) servers to obtain information about domain names and IP addresses. It is
commonly used to troubleshoot DNS-related issues, identify DNS configuration problems, and
gather information about domain names and their corresponding IP addresses. Nslookup can be
used to look up various DNS records such as A, AAAA, MX, PTR, and TXT records.
Experiment No: 06

Aim: Study of Packet Sniffer Tools

Theory:

Installing Wireshark on Windows:

Follow the below steps to install Wireshark on Windows:


Step 1: Visit the official Wireshark website using any web browser.

Step 2: Click on Download; a new webpage will open with different installers of Wireshark.


Step 3: Downloading of the executable file will start shortly. It is a small 73.69 MB file that
will take some time.

Step 4: Now check for the executable file in downloads in your system and run it.

Step 5: It will prompt confirmation to make changes to your system. Click on Yes.
Step 6: Setup screen will appear, click on Next.

Step 7: The next screen will be of License Agreement, click on Noted.

Step 8: This screen is for choosing components, all components are already marked so don’t
change anything just click on the Next button.
Step 9: This screen is of choosing shortcuts like start menu or desktop icon along with file
extensions which can be intercepted by Wireshark, tick all boxes and click on Next button.

Step 10: The next screen will be of installing location so choose the drive which will have
sufficient memory space for installation. It needed only a memory space of 223.4 MB.
Step 11: The next screen has an option to install Npcap, which is used with Wireshark to capture
packets (pcap means packet capture). The install option is already checked, so don’t change
anything and click the Next button.

Step 12: Next screen is about USB network capturing so it is one’s choice to use it or not,
click on Install.
Step 13: After this installation process will start.

Step 14: This installation will prompt for Npcap installation as already checked so the license
agreement of Npcap will appear to click on the I Agree button.
Step 15: Next screen is about different installing options of npcap, don’t do anything click on
Install.

Step 16: After this installation process will start which will take only a minute.
Step 17: After this installation process will complete click on the Next button.

Step 18: Click on Finish after the installation process is complete.


Step 19: After this installation process of Wireshark will complete click on the Next button.

Step 20: Click on Finish after the installation process of Wireshark is complete.
Wireshark is successfully installed on the system and an icon is created on the desktop as
shown below:

Now run the software and see the interface.


Congratulations!! At this point, you have successfully installed Wireshark on your windows
system.
Experiment No. 07

Aim: Download and install Nmap. Use it with different options to scan open ports, perform OS
fingerprinting, do a ping scan, TCP port scan, UDP port scan, Xmas scan etc.

Prerequisite: Basic Knowledge of Ports, TCP, UDP, Ping


Outcome: After successful completion of this experiment, students will be able to Install and
use Nmap and use it for gathering detailed network and remote host information.

Theory:
➔ Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his
pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating
a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host
and then analyzes the responses. Unlike many simple port scanners that just send packets at some
predefined constant rate, Nmap accounts for the network conditions (latency fluctuations, network
congestion, the target interference with the scan) during the run. Also, owing to the large and active
user community providing feedback and contributing to its features, Nmap has been able to extend its
discovery capabilities beyond simply figuring out whether a host is up or down and which ports are open
and closed; it can determine the operating system of the target, names and versions of the listening
services, estimated uptime, type of device, and presence of a firewall.

Nmap features include:

● Host Discovery – Identifying hosts on a network. For example, listing the hosts which respond to pings
or have a particular port open.

● Port Scanning – Enumerating the open ports on one or more target hosts.

● Version Detection – Interrogating network services listening on remote devices to determine
the application name and version number.

● OS Detection –Remotely determining the operating system and some hardware characteristics of
network devices.

Basic commands working in Nmap:

● For target specifications: nmap

● For OS detection: nmap -O

● For version detection: nmap -sV

SYN scan is the default and most popular scan option for good
reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not
hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes
TCP connections.

Procedure
Installation of Nmap:

$ sudo apt-get install nmap

Commands:

● nmap -sP Ping scans the network, listing machines that respond to ping.

● FIN scan (-sF) Sets just the TCP FIN bit.

● -sV (Version detection) . Enables version detection, as discussed above. Alternatively, can use -A,
which enables version detection among other things.

● -sO (IP protocol scan) IP protocol scan allows you to determine which IP protocols (TCP, ICMP, IGMP,
etc.) are supported by target machines. This isn´t technically a port scan, since it cycles through IP
protocol numbers rather than TCP or UDP port numbers.

● -O (Enable OS detection). Enables OS detection, as discussed above. Alternatively, you can use -A to
enable OS detection along with other things.

● -p port ranges (Only scan specified ports). This option specifies which ports you want to scan and
overrides the default. Individual port numbers are OK, as are ranges separated by a hyphen (e.g. 1-
1023). The beginning and/or end values of a range may be omitted, causing Nmap to use 1 and 65535,
respectively.

● --top-ports Scans the N highest-ratio ports found in the nmap-services file.

● nmap --iflist Shows host interface and route information by using the "--iflist" option.

Target: 192.168.4.121

Command: nmap -T4 -A 192.168.4.121


Conclusion: After successful completion of this experiment, we have Installed and used Nmap
for gathering detailed network and remote host information.
Experiment No. 08

Aim:- To perform DOS Attack using HPING3

Prerequisite:
Basic Knowledge of DOS attacks.

Outcome: After the successful completion of this experiment, students will be able to use open
source technologies and explore email security and explore various attacks.

Theory :-

➔ Denial-of-service (DoS) attack is an attempt to make a machine or network resource
unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend
services. A distributed denial-of-service (DDoS) is where the attack source is more than one,
often thousands of, unique IP addresses. It is analogous to a group of people crowding the entry
door or gate to a shop or business, and not letting legitimate parties enter into the shop or
business, disrupting normal operations.

➔ A DoS attack tries to make a web resource unavailable to its users by flooding the target URL
with more requests than the server can handle. That means that during the attack period, regular
traffic on the website will be either slowed down or completely interrupted.

➔ A Distributed Denial of Service (DDoS) attack is a DoS attack that comes from more than
one source at the same time. A DDoS attack is typically generated using thousands (potentially
hundreds of thousands) of unsuspecting zombie machines. The machines used in such attacks are
collectively known as “botnets” and will have previously been infected with malicious software,
so they can be remotely controlled by the attacker. According to research, tens of millions of
computers are likely to be infected with botnet programs worldwide.

➔ Cybercriminals use DoS attacks to extort money from companies that rely on their websites
being accessible. But there have also been examples of legitimate businesses having paid
underground elements of the Internet to help them cripple rival websites. Besides, cybercriminals
combine DoS attacks and phishing to target online bank customers. They use a DoS attack to
take down the bank's website and then send out phishing emails to direct customers to a fake
emergency site instead.
Installation Steps:
1. Install Hping3 and Wireshark

2. Flood the victim with TCP/ICMP/UDP packets using Hping3 (--flood option)

3. Observe the DoS attack and DDoS attack using Wireshark

Program:
OUTPUT:
Experiment no: 09

Aim: Explore the GPG tool of linux to implement email security.


Prerequisite: Basic Knowledge of email, symmetric and asymmetric encryption and decryption.
Outcome : After the successful completion of this experiment, students will be able to use
open source technologies and explore email security and explore various attacks.

Theory:
➔ Pretty Good Privacy (PGP) is a data encryption and decryption computer program that
provides cryptographic privacy and authentication for data communication. PGP is often used for
signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and
to increase the security of e-mail communications.

➔ PGP encryption uses a serial combination of hashing, data compression, symmetric-key
cryptography, and finally public-key cryptography; each step uses one of several supported
algorithms. Each public key is bound to a user name and/or an e-mail address. The first version
of this system was generally known as a web of trust to contrast with the X.509 system, which
uses a hierarchical approach based on certificate authority and which was added to PGP
implementations later. Current versions of PGP encryption include both options through an
automated key management server.

➔ GNU Privacy Guard (GnuPG or GPG) is a free software replacement for Symantec's PGP
cryptographic software suite. GnuPG is a hybrid encryption software program because it uses a
combination of conventional symmetric-key cryptography for speed, and public-key
cryptography for ease of secure key exchange, typically by using the recipient's public key to
encrypt a session key which is only used once. This mode of operation is part of the OpenPGP
standard and has been part of PGP from its first version.
Conclusion: After the successful completion of this experiment, we can use open source
technologies and explore email security and explore various attacks.
Experiment No.10
Aim: Perform SQL injection on a vulnerable website.

Prerequisite: Basic Knowledge of SQL queries, HTML/PHP.

Outcome: After successful completion of this experiment, students will be able to set up
firewalls and intrusion detection systems using open source technologies and explore email
security and explore various attacks like buffer overflow, SQL injection and web application
attacks.

Theory:

➔ SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious
SQL statements. These statements control a database server behind a web application. Attackers
can use SQL Injection vulnerabilities to bypass application security measures. They can go
around authentication and authorization of a web page or web application and retrieve the
content of the entire SQL database. They can also use SQL Injection to add, modify, and delete
records in the database.

➔ An SQL Injection vulnerability may affect any website or web application that uses an SQL
database such as MySQL, Oracle, SQL Server, or others. Criminals may use it to gain
unauthorized access to your sensitive data: customer information, personal data, trade secrets,
intellectual property, and more. SQL Injection attacks are one of the oldest, most prevalent, and
most dangerous web application vulnerabilities.

➔ To make an SQL Injection attack, an attacker must first find vulnerable user inputs within the
web page or web application. A web page or web application that has an SQL Injection
vulnerability uses such user input directly in an SQL query. The attacker can create input
content. Such content is often called a malicious payload and is the key part of the attack. After
the attacker sends this content, malicious SQL commands are executed in the database.

➔ SQL is a query language that was designed to manage data stored in relational databases. You
can use it to access, modify, and delete data. Many web applications and websites store all the
data in SQL databases. In some cases, you can also use SQL commands to run operating system
commands. Therefore, a successful SQL Injection attack can have very serious consequences.
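
The theory above says a vulnerable page "uses such user input directly in an SQL query". The following Python sketch is an added example (not part of the original manual) that places that pattern beside the parameterized form using an in-memory SQLite database, showing why a stray apostrophe makes the database report an error in the first case and is handled as plain data in the second. The table, rows and function names are constructed for illustration.

```python
# Added example: string-built query versus parameterized query (defensive comparison).
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("O'Brien",)])
    return conn


def lookup_concatenated(conn, username):
    """Vulnerable pattern: the input becomes part of the SQL text itself."""
    query = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Hardened pattern: the input is bound as a value and never parsed as SQL."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


def probe(conn, lookup, value):
    """Return ("rows", count) on success or ("sql_error", message) on failure."""
    try:
        return ("rows", len(lookup(conn, value)))
    except sqlite3.OperationalError as exc:
        # A database error triggered by user input means the input reached
        # the SQL parser: this is the signal a code review or test should flag.
        return ("sql_error", str(exc))


def compare(values):
    """Run each value through both lookups and collect the outcomes."""
    conn = make_db()
    results = []
    for value in values:
        results.append({
            "input": value,
            "concatenated": probe(conn, lookup_concatenated, value),
            "parameterized": probe(conn, lookup_parameterized, value),
        })
    conn.close()
    return results


if __name__ == "__main__":
    # "O'Brien" is a legitimate name: the concatenated query cannot even serve it.
    for row in compare(["alice", "alice'", "O'Brien"]):
        print("%-10r concatenated=%s  parameterized=%s" % (
            row["input"], row["concatenated"], row["parameterized"]))
```

Binding parameters removes the error and the injection path together, and it also lets legitimate values that contain an apostrophe be looked up correctly.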
Step 1: Pick a vulnerable website you can perform SQL injection on.

STEP 2: To confirm the vulnerability, add an apostrophe sign at the end of the link. As we see the
warning is coming from the webserver, hence it is vulnerable.

STEP 3: Open the kernel and run the following command to target the website using ‘SQLMAP’, an
inbuilt software in the Linux operating system.

STEP 10: Here we get all the details of the admin since we’ve successfully penetrated the website and
managed to get the account details.
Conclusion: After successful execution of this experiment, we can set up firewalls and intrusion
detection systems using open source technologies and explore email security and explore various
attacks like buffer overflow, SQL injection and web-application attacks.
